problem of php

Status
Not open for further replies.
Bryon

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
Register globals are turned off now on the server. (Which is a good thing!)

Look for it on here if you don't believe me:
http://70.86.136.178/~nedren/phpinfo.php?pass=lol

Instead of:
$HTTP_REFERER
$REMOTE_ADDR

Use the $_SERVER superglobal array:

$_SERVER['HTTP_REFERER']
$_SERVER['REMOTE_ADDR']
 
R

redired

New Member
Messages
22
Reaction score
0
Points
0
Thanx, and it is not possible to be activated?
because it is a problem for my
 
Last edited:
Bryon

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
It's possible for it to be on. (It was set on before the server was wiped.. )

It is a lot safer for it to be off though. It shouldn't be too hard for everyone to adapt their scripts to it.

Take a look at this:

http://us3.php.net/register_globals said:
PHP: 
<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
   $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
   include "/highly/sensitive/data.php";
}
?>

When register_globals = on, our logic above may be compromised. When off, $authorized can't be set via request so it'll be fine, although it really is generally a good programming practice to initialize variables first. For example, in our example above we might have first done $authorized = false. Doing this first means our above code would work with register_globals on or off as users by default would be unauthorized.
Click to expand...

Check out: http://us3.php.net/register_globals
 
Last edited:
Status
Not open for further replies.
Top